Summary: | sys-libs/glibc: Multiple vulnerabilities (CVE-2019-{1010022,1010023,1010024}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | UNCONFIRMED --- | ||
Severity: | normal | CC: | phmagic, toolchain |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [upstream] | ||
Package list: | Runtime testing required: | --- |
Description
Sam James
2020-03-02 14:24:00 UTC
3) CVE-2019-1010022 Description: "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard." Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=22850 Patch: No fix yet My impression is that upstream sees these more as "enhancement requests" than as actual security bugs. (In reply to Andreas K. Hüttel from comment #2) > My impression is that upstream sees these more as "enhancement requests" > than as actual security bugs. I agree, although it'd be nice to get them fixed eventually. They haven't officially disrupted the CVEs though. :/ No news upstream. No news upstream. No news upstream. |